PDF exploit

  • Thread starter Thread starter Boris Mohar
  • Start date Start date
I read this as an *Adobe* exploit/bug, not PDF. Says "fixed in Adobe
8". Are other PDF readers vulnerable? Is one vulnerable if there is
no PDF reader?
Click to expand...
I don't know about other PDF viewers, but my guess is that some may be
vulnerable in this way and some may not be.

In answer to your second question, if you don't have a PDF reader, than
there's no vulnerable PDF-reader to exploit, so you're in the clear with
vulnerabilities of this nature.

Regards,

Will
 
Beauregard said:
I read this as an *Adobe* exploit/bug, not PDF. Says "fixed in Adobe 8".
Are other PDF readers vulnerable? Is one vulnerable if there is no PDF
reader?
Click to expand...
I have Adobe 8 on a W2K machine. It is vulnerable, at least on that
machine. Will try it on some XP boxes next.
 
Duh_OZ said:
I have Adobe 8 on a W2K machine. It is vulnerable, at least on that
machine. Will try it on some XP boxes next.
Click to expand...
===========
Oops, cleared my cache, temp files, yaday, yada, yada and now get "not
allowed" while trying the links with the javascript alerts appended on.

Here's a condensed test link: http://tinyurl.com/y4anpl
Vulnerable will have an alert '123' pop up.
 
Duh_OZ said:
=========== Oops, cleared my cache, temp files, yaday, yada, yada and
now get "not allowed" while trying the links with the javascript
alerts appended on.

Here's a condensed test link: http://tinyurl.com/y4anpl
Vulnerable will have an alert '123' pop up.
Click to expand...

No problem with that page for me, using Win2K, Firefox and FoxItReader.
 
===========
Oops, cleared my cache, temp files, yaday, yada, yada and now get "not
allowed" while trying the links with the javascript alerts appended on.

Here's a condensed test link: http://tinyurl.com/y4anpl
Vulnerable will have an alert '123' pop up.
Click to expand...

I tried the above link on an XP with version 6 Acrobat that has not
been updated for a couple of years. I did not get a pop up. Either the
test is unreliable or version 6 does not have the problem.
 
Ike said:
I tried the above link on an XP with version 6 Acrobat that has not
been updated for a couple of years. I did not get a pop up. Either the
test is unreliable or version 6 does not have the problem.
Click to expand...
============
I just tried it on an NT 4 box using ver 5.1 and an XP box, using ver
6.0. Neither even brought up the PDF file, much alone the alert box.
If I did file->open(from within IE) and pasted in the link. Both the
alert and PDF document came up. Go figure.

Currently I unchecked the PDF extesion in FF so it now asks what I want
to do with the PDF file. Opening it by itself causes no problems,
this on the W2K, having ver 8.0. Too lazy to try and fiddle with
the IE on the NT or XP box in order to have Adobe opened separatly.
 
Beauregard said:
No problem with that page for me, using Win2K, Firefox and FoxItReader.
Click to expand...
I did have a problem running foxit with Adobe 7 installed. I'm a bit
confused, most of the time when I clicked on a web .pdf link, I thought
it used foxit. Anyway, I was getting the exploit. I removed Adobe
completely, now I no longer get the exploit after a one time dialog box
asking me for application to use, which causes me to think maybe I'm not
remembering previous action correctly. Also, I now see the download box
which I didn't see before. Actually I prefer that, at least I know why
I'm waiting. So to cut a long story short, no problem with winxp sp2 and
foxit 2.0
Dave Cohen
Dave Cohen
 
Back
Top